Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    310
    Location:
    USA
Is there a way to keep the set-up OneDrive yellow warning from coming up?
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    I wanted to try Windows Defender Application Guard

    I love smart solutions, like EMET and Exploit Mitigation. So what gives with this new thing called Application Guard? Indeed, I've sculpted a short article and preliminary review of the Windows Defender Application Guard usage attempt in Windows 10, covering convoluted setup with multiple sources, no Internet in Firefox during the extension configuration, security benefits of the solution, some snags, other details, and more. Do take a look.

    https://www.dedoimedo.com/computers/windows-10-application-guard.html


    Mods: if this should live in a thread of its own, please move it.

    Cheers,
    Mrk
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,926
    Location:
    Texas
    Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack
     
  7. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    310
    Location:
    USA
    Anyone with Windows Defender SFC errors might find this helpful: https://support.microsoft.com/en-us...-flags-windows-defender-ps-files-as-corrupted

    Cause

    This is a known issue in Windows 10, version 1607 and later versions, and Windows Defender version 4.18.1906.3 and later versions.

    The files for the Windows Defender PowerShell module that are located in %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender ship as part of the Windows image. These files are catalog-signed. However, the manageability component of Windows Defender has a new out-of-band update channel. This channel replaces the original files with updated versions that are signed by using a Microsoft certificate that the Windows operating system trusts. Because of this change, SFC flags the updated files as "Hashes for file member do not match."

    Future releases of Windows will use the updated files in the Windows image. After that, SFC will no longer flag the files.

    Workaround

    Because SFC incorrectly flags the files in %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender, you can safely ignore the SFC error messages regarding these files.
     
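The Microsoft article above says SFC's "Hashes for file member do not match" errors are benign only when the flagged files are the Defender PowerShell module (catalog-signed in the image, replaced by Authenticode-signed files from the out-of-band channel). The following is an added example, not code from the article or from anyone in this thread: it separates SFC mismatches that fall into that known-benign set from any others, and independently checks that the module files still carry a valid Microsoft signature. It assumes an elevated session (CBS.log is admin-only) and that the relevant CBS.log lines contain the affected file name in double quotes; that log layout is an assumption, so the regex is deliberately loose.

```powershell
# Added example (not from the Microsoft article or the forum thread).
# Purpose: classify SFC "Hashes for file member do not match" entries as
# "Defender PowerShell module (benign per KB)" vs "something else (investigate)",
# then verify the module files' signatures regardless of what SFC says.
# Assumptions: elevated PowerShell; CBS.log mismatch lines carry the file name
# in double quotes (exact line layout not guaranteed, hence the loose regex).

$ErrorActionPreference = 'Stop'
$cbsLog         = Join-Path $env:windir 'Logs\CBS\CBS.log'
$defenderModule = Join-Path $env:windir 'System32\WindowsPowerShell\v1.0\Modules\Defender'

# 1. Which file names does SFC complain about? Pull every "quoted" token that
#    looks like a file name from lines containing the KB's error phrase.
$flagged = Select-String -Path $cbsLog -Pattern 'Hashes for file member do not match' |
    ForEach-Object {
        [regex]::Matches($_.Line, '"([^"]+\.[A-Za-z0-9]+)"') |
            ForEach-Object { $_.Groups[1].Value }
    } | Sort-Object -Unique

# 2. The files shipped in the Defender module directory are the known-benign set.
$moduleFiles = Get-ChildItem -Path $defenderModule -File
$benignNames = $moduleFiles.Name

$flagged | ForEach-Object {
    [pscustomobject]@{
        File    = $_
        Verdict = if ($benignNames -contains $_) {
                      'Defender module (KB: safe to ignore)'
                  } else {
                      'NOT the Defender module - investigate'
                  }
    }
} | Format-Table -AutoSize

# 3. Independent of SFC: are the module files validly signed by Microsoft?
#    Image files are catalog-signed; the updated ones carry an embedded
#    Authenticode signature, which is exactly why the catalog hashes differ.
$moduleFiles | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    [pscustomobject]@{
        File            = $_.Name
        Status          = $sig.Status           # expect Valid
        SignatureType   = $sig.SignatureType    # Catalog (image) or Authenticode (updated)
        Signer          = $sig.SignerCertificate.Subject
        MicrosoftSigned = ($sig.Status -eq 'Valid' -and
                           $sig.SignerCertificate.Subject -like '*Microsoft*')
    }
} | Format-Table -AutoSize
```

A mismatch whose file is outside the Defender module directory, or a module file whose `Status` is not `Valid`, is not covered by the KB's "safe to ignore" and deserves a closer look.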
  8. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    New machine learning model sifts through the good to unearth the bad in evasive malware.
    Much more in blog post here : https://www.microsoft.com/security/...e-good-to-unearth-the-bad-in-evasive-malware/
     
  9. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    One is reading lots more about malicious ransom attacks on hospitals, power grids, town halls in cities large and small, and so on. It's really thought-provoking, it can affect anyone at any time. The article above is impressive and good reading--showing 95% precision rate. I would like to know how Defender ATP stacks up against third party competitors that are enterprise-focused. Anything published lately to that end?
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    Those are the big targets. Never try to extort money from poor people when you can collect millions. The problem is paying at all. There should be regular backups in place. The backups should run under an account nobody else has access to and an offline copy should be kept. Worst case you should never lose more than a couple of days worth of data depending on how old your offline backups are. Prevention is good but recovery is a must as 100% prevention is obviously impossible.
     
  11. guest

    guest Guest

Their creators don't care; ransomware is like landmines: you throw as many as you can and wait for unaware victims to step on them. Poor or rich alike.

That is the theory and what should be done, but most companies/organizations can't or won't pay a full-time security-qualified admin; they just need their obsolete OS, MS Office and their printer to work, the rest is superfluous.
     
  12. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
guest: this is harsh but no doubt true. I see Windows 7 running in my local dental clinic; it had malware on its systems during my appointment there. :cautious: If someone were to go physically to a target location, freeze the systems and leave a ransom note, it's pretty much the same high crime as deploying the malware remotely (trespassing aside). It's becoming like a war.

    I'm way less interested in home security routines, I'm OK there. But, Baltimore City was recently hit in a bad way, ultimately affecting many and officials blamed the NSA for its woes but in reality, it's dirt poor, riddled with corruption and terribly complacent. Low hanging fruit. Con Edison, the power provider for much of NYC, had better have its act together otherwise because it's bumbling and fumbling a little too often when the weather gets nasty. These attacks are becoming more common, all over the place. That's why I'm pleased to see an article detailing such protection, like Defender ATP.

Edit: theoretical question: would a ransom-crook or national actor knowingly deploy malware that would knock out power to an entire municipality during a heat wave, leaving thousands to swelter without air conditioning? Oh, but if it isn't happening now, it ain't gonna happen, right??!
     
    Last edited: Jul 26, 2019
  13. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    They don't always know who they will get but obviously they would prefer high dollar targets. Like the time they found out they had a hospital and raised the ransom.

    True, nobody wants to spend the money for qualified staff. Too bad the ransom will cost more.
     
  14. guest

    guest Guest

Cybercriminal profiles have evolved; it shifted long ago from hacking geeks wanting to get fame and renown to mercenaries hired by various mafias or shady (governmental or not) organizations.
Those don't care about the well-being of people; they just want to achieve their goal, their ends justify their means.

And people running an unpatched outdated OS (for whatever silly reasons) are accomplices by inaction to those criminals and partly responsible for the actual malware propagation. An unpatched outdated OS which is exploited (quite easily with kernel exploits) is one more zombie in a botnet and more firepower for the controller.
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
Are you insinuating something about me? Because I **** on W10. W8.1 for the win! :ninja:
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
That would include me too, as I am still on Win7 Pro. And I have no plans to change. I can defend against the malware, but some Microsoft capricious actions are tougher to defend against.
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
I have a question about WD on Win 10 Home x64 1903.

    I thought the "Suspicious Files" option was supposed to be available on all vers. of 1903? I even added its associated reg. key value and still it does not show. Does an ASR mitigation have to be added for this? Perhaps the "Block exec. files from running unless they meet prevalence, age, or trusted list criteria" ASR mitigation?

    Appears this was an experimental setting since removed.
     
    Last edited: Jul 26, 2019
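The post above asks whether the "Block executable files from running unless they meet prevalence, age, or trusted list criteria" ASR rule is involved. The following is an added example, not code from itman or from the thread: it shows how to read the current ASR configuration, put that one rule into audit mode, review what it would have blocked, and only then enforce it. The rule GUID is the one Microsoft publishes for this rule; check it against current Microsoft documentation before relying on it. Two caveats a practitioner would want: Microsoft documents ASR rules for Windows 10 Pro/Enterprise (1709 and later), so behaviour on Home is not something this page establishes, and this particular rule depends on cloud-delivered protection (MAPS) being on, because prevalence and age are cloud-sourced.

```powershell
# Added example (not from the thread). Inspect, audit, then enforce the
# "prevalence, age, or trusted list" ASR rule. Run elevated.
# GUID per Microsoft's published ASR rule list; verify against current docs.
$PrevalenceRule = '01443614-cd74-433a-b99e-2ecdc07bfc25'

$pref = Get-MpPreference

# Prerequisite: the rule's prevalence/age data comes from cloud protection.
# MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced.
if ($pref.MAPSReporting -eq 0) {
    Write-Warning 'MAPSReporting is Disabled; the prevalence/age rule has no cloud data to act on.'
}

# Current ASR state. The two arrays are parallel: Ids[i] pairs with Actions[i].
# Action values: 0 = Disabled, 1 = Block (Enabled), 2 = Audit.
$state = @{}
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $state[$pref.AttackSurfaceReductionRules_Ids[$i]] = $pref.AttackSurfaceReductionRules_Actions[$i]
}
$current = if ($state.ContainsKey($PrevalenceRule)) { $state[$PrevalenceRule] } else { 'not configured' }
"Prevalence/age rule current action: $current"

# Stage 1: audit mode. Nothing is blocked; every would-be block is logged.
Add-MpPreference -AttackSurfaceReductionRules_Ids $PrevalenceRule `
                 -AttackSurfaceReductionRules_Actions AuditMode

# Review what the rule caught. In the Defender operational log,
# event 1122 = ASR audit hit, event 1121 = ASR block.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1121, 1122
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize

# Stage 2, once the audit log shows only things you are happy to block:
# Add-MpPreference -AttackSurfaceReductionRules_Ids $PrevalenceRule `
#                  -AttackSurfaceReductionRules_Actions Enabled
```

Auditing first matters for this rule more than for most: "low prevalence" includes every in-house tool and freshly built binary, so enforcing it blind on a machine that runs custom software produces surprising blocks.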
  18. guest

    guest Guest

Problem in Wilders and forums is that people read posts too fast and miss important elements.
I wrote "unpatched outdated OS"; I guess both of you are applying security updates, right?

You can protect against malware more or less efficiently based on your skills, but you have no protection against kernel exploits; only an OS patch can fix them.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi guest

    I did see that. As you know I am running Win 7 x64 Pro. For the most part I've kept up with Security updates, but a couple wouldn't install so I didn't bother. I think you know my security setup, and that is what I rely on.
     
  21. guest

    guest Guest

    Yes I know your setup so I'm not worried about you or @Mr.X :)
     
  22. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Windows Defender got the TOP Product award in the last (June 2019) test from AV-TEST with a perfect score in all areas.

    https://www.av-test.org/en/antivirus/home-windows

I won't be surprised if WD gets nominated as the antivirus of the year in 2020 by AV-Comparatives.
     
  23. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Definitely getting better with every new test. I wonder how competitors are going to react and offer to attract new and old customers...
     
    Last edited: Jul 29, 2019
  24. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Hi everyone, omg it's been a while since my last connection here in Wilders. So how are you guys doing with the great WD, I personally have had zero problems with malware whatsoever under Windows 10 since.

    Greetings all
     
  25. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Hi Mac good to hear from you! I still have a year of subscription with Avira therefore I'll take a rain check with WD for the time being....
     